What I'm not asking for is a way for a trusted server-owner to authenticate to a client that they are running the server. That would just be a cert.

What I was hoping for is a way to limit the power of a server-owner running open-source code, by making them prove they are running the version of open-source code they say they are.

User story:
An open-source Snapchat wants to prove to any users wishing to audit their deployment that their photos are actually being deleted, in accordance with GDPR or just their own privacy policy.

Attempted solutions:
I was thinking that a Ubuntu server could provision a weak user for ssh, with some very specific read-only commands enabled in order to prevent sabotaging the system itself.

This subset could include things like: top, an ability to compute checksums, cat for reading source files, etc.

Issues:
One flaw is that all user data has to be considered public knowledge while it has the right to exist. So in the context of the story, everyone can see your photos up until they are deleted, and then no one can (unless they saved it).

Another flaw I see in that is that the binaries for those Linux commands themselves could all be manipulated to cover for the code, and for one another, so that they report maliciously valid results for invalid, malicious inputs.

At that point, if you let the audit user bring in and execute his own version of a checksum binary, you've probably given the game up as a server-owner because he could just execute arbitrary code, or overflow the disk.

Is there any known way to accomplish this in theory or in practice, or are these requirements impossible through some contradiction, like the one I mentioned in the last paragraph?
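The "weak ssh user with a few read-only commands" idea can be made concrete with an sshd `ForceCommand` wrapper. The script below is an added example written for this discussion, not code from the question; the `auditor` account name, the `/srv/app/current` deployment path, the binary paths and the sshd stanza in the docstring are all assumptions. It is also only the enforcement side of the attempted solution: it does nothing about the flaw the question itself raises, that the allow-listed binaries can lie.

```python
#!/usr/bin/env python3
"""Hypothetical ForceCommand wrapper for a read-only SSH audit account.

Assumed sshd_config stanza (not from the original question):

    Match User auditor
        ForceCommand /usr/local/bin/audit-shell
        PermitTTY no
        AllowTcpForwarding no
        AllowAgentForwarding no
        X11Forwarding no

sshd runs this script with the client's requested command line in
SSH_ORIGINAL_COMMAND; the script decides whether to execute it at all.
"""
import os
import shlex
import subprocess
import sys

# Allow-listed verbs and the fixed argv each maps to (assumed binary paths).
# `top` is pinned to one batch snapshot so it can never become an interactive loop.
ALLOWED = {
    "top": ["/usr/bin/top", "-b", "-n", "1"],
    "sha256sum": ["/usr/bin/sha256sum"],
    "cat": ["/bin/cat"],
}

# Only files under this tree may be named as arguments (assumed deployment path).
AUDIT_ROOT = "/srv/app/current"


def resolve(arg: str) -> str:
    """Absolute, symlink-resolved form of a client-supplied path."""
    path = arg if os.path.isabs(arg) else os.path.join(AUDIT_ROOT, arg)
    return os.path.realpath(path)


def safe_path(arg: str) -> bool:
    """True only if the resolved path stays inside AUDIT_ROOT (no ../ or symlink escape)."""
    real = resolve(arg)
    return real == AUDIT_ROOT or real.startswith(AUDIT_ROOT + os.sep)


def decide(original_command: str):
    """Map the client's command line to an argv to exec, or None to refuse it."""
    if not original_command:
        return None                  # empty command would mean "give me a shell"
    try:
        words = shlex.split(original_command)
    except ValueError:
        return None                  # unbalanced quotes and similar junk
    if not words:
        return None
    verb, args = words[0], words[1:]
    if verb not in ALLOWED:
        return None
    # No options at all: that rules out things like `sha256sum --check <file>`
    # or `cat --help` changing what the tool does.
    if any(a.startswith("-") for a in args):
        return None
    if verb == "top":
        return None if args else list(ALLOWED[verb])
    if not args:
        return None                  # cat/sha256sum with no file would read stdin
    if not all(safe_path(a) for a in args):
        return None
    return ALLOWED[verb] + [resolve(a) for a in args]


def main() -> int:
    argv = decide(os.environ.get("SSH_ORIGINAL_COMMAND", ""))
    if argv is None:
        print("audit-shell: command not permitted", file=sys.stderr)
        return 127
    # Minimal environment and no stdin; stdout/stderr flow back over the SSH session.
    return subprocess.call(
        argv, env={"PATH": "/usr/bin:/bin", "LANG": "C"}, stdin=subprocess.DEVNULL
    )


if __name__ == "__main__":
    sys.exit(main())
```

Because the path check runs `realpath` before comparing against `AUDIT_ROOT`, a symlink planted under the tree that points at `/etc` is refused just like a literal `../`. Refusing every `-` argument is deliberately blunt; a per-verb option allow-list is the usual refinement.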

This is also known as "trusted computing" or "remote code attestation" and is already quite difficult to get right (especially without trusted hardware) for highly constrained embedded systems. So there might not be a truly satisfying solution here.
– SEJPM Sep 22 '19 at 18:20


@SEJPM Perfectly fine if there's no correct or established answer, those terms give me a good place to start researching. I was googling earlier but all I kept getting was ads for a cert provider.
– user3015971 Sep 22 '19 at 18:28
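To make the "remote attestation" pointer above and the "binaries can cover for one another" flaw in the question concrete, here is a toy model of measured boot plus a TPM-style quote, added as an example for this thread rather than code from either participant. All component contents, names and keys are constructed. One simplification is labelled in the code: a real TPM signs the quote with an asymmetric attestation key certified by the manufacturer; because the standard library has no such signature, an HMAC under a key that only the simulated TPM holds stands in for it.

```python
"""Toy remote attestation: measure components into a PCR, sign a quote, verify.
Added example for this thread; all names, contents and keys are constructed."""
import hashlib
import hmac

ZERO_PCR = bytes(32)


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style PCR extend: PCR' = H(PCR || measurement). Order-dependent and one-way,
    so software cannot set a PCR to a chosen value; it can only append measurements."""
    return sha256(pcr + measurement)


# Constructed "published open-source release": component name -> content.
RELEASE = {
    "app.py": b"def delete_photo(p): unlink(p)\n",
    "sha256sum": b"ELF honest sha256sum binary\n",
}
# Golden hashes an auditor derives from the public release (e.g. a reproducible build).
GOLDEN = {name: sha256(content) for name, content in RELEASE.items()}
# Key known to the simulated TPM and (stand-in) to the verifier; see lead-in caveat.
TPM_KEY = b"constructed-attestation-key"


class Server:
    """The attester. The measuring firmware hashes every component it loads into a PCR
    the server owner cannot write directly, and the TPM signs that PCR with a key the
    owner cannot read. The owner fully controls everything else, including the log."""

    def __init__(self, components: dict, tpm_key: bytes):
        self._tpm_key = tpm_key
        self.pcr = ZERO_PCR
        self.log = []                       # (name, hash) as recorded by the firmware
        for name, content in components.items():
            h = sha256(content)
            self.log.append((name, h))
            self.pcr = extend(self.pcr, h)

    def quote(self, nonce: bytes, log=None):
        """Return (event log, PCR, signature over PCR||nonce). A dishonest owner may
        present any `log` they like; the PCR and signature come from the TPM regardless."""
        sig = hmac.new(self._tpm_key, self.pcr + nonce, hashlib.sha256).digest()
        return (self.log if log is None else log, self.pcr, sig)


def verify_quote(quote, nonce: bytes, tpm_key: bytes, golden: dict) -> str:
    """Auditor side. Returns "ok" or the first reason the quote is rejected."""
    log, pcr, sig = quote
    # 1. The quote must come from the hardware key and be fresh (our nonce).
    expected = hmac.new(tpm_key, pcr + nonce, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return "bad signature"
    # 2. Replaying the presented log must reproduce the signed PCR.
    replay = ZERO_PCR
    for _, h in log:
        replay = extend(replay, h)
    if replay != pcr:
        return "log does not match PCR"
    # 3. Every measured component must be the one from the public release,
    #    and nothing from the release may be missing.
    for name, h in log:
        if golden.get(name) != h:
            return f"unexpected {name}"
    if {name for name, _ in log} != set(golden):
        return "missing component"
    return "ok"
```

Three outcomes matter for the question. An owner who swaps in a lying `sha256sum` but leaves the firmware's log alone is caught at step 3, because the measurement was taken by the firmware before the binary got a chance to misreport itself. An owner who instead presents the honest release's log is caught at step 2, because the PCR the TPM signed was extended with the real hash. And an old quote cannot be replayed, since the nonce is inside the signature. The model still says nothing about what the code does after it is loaded, or about the data-visibility problem the question raises; attestation proves what was measured, not what is running now.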